The PC Guard security settings provide a multi-layered defense mechanism designed to protect software applications from tampering, reverse engineering, and unauthorized usage in specific environments. The protection strategy is built around a core of integrity checks and anti-debugging measures that are enabled by default, ensuring a robust baseline of security. Key default features include self-checking for modifications, memory anti-dumping, debugger detection, and the renaming of executable sections.
Beyond these foundational protections, PC Guard offers a suite of highly specific, optional controls that developers can enable based on their application's use case. These include advanced features like Run-Time Encryption (RTE) for sensitive code segments and environmental restrictions that can prevent the application from running on virtual machines, under remote desktop sessions, or on systems with specific monitoring tools like Process Monitor or Deep Freeze installed. The licensing system is also tightly integrated with security, with options to automatically reset or delete licenses when file corruption, tampering, or CRC errors are detected. This comprehensive and configurable approach allows for a tailored security posture, balancing high-level protection with the specific operational requirements of the protected software.
Detailed Security Feature Analysis
The security settings are categorized into three primary functions: ensuring application integrity, preventing reverse engineering, and controlling the runtime environment.
Application Integrity and Anti-Tampering
These features focus on detecting and responding to any unauthorized modifications or corruption of the application or its license data. The default configuration is aggressive in protecting file integrity and license status.
| Feature | Default Status | Description & Key Details |
| Self checking against modifications | ON | The protected application checks its encrypted sections for modifications. A failed check could indicate patching attempts, incorrect encryption settings for certain application types, or decryption key conflicts when multiple protected apps with the same signature are run. |
| Reset license if CRC errors are detected | ON | This option requires "Self checking against modifications" to be active. It performs additional CRC checks on the application in memory during decryption. If an error is found, it displays a "File damaged!" message and resets the license status, requiring a new activation code. This is valid for the remote protection method only and does not restore demo limitations. |
| Automatically delete damaged license file | ON | If license information is detected as invalid or tampered with, the application will automatically delete the damaged license file from the target computer. This triggers a "License information is invalid!" message, requires a new activation code, and does not restore demo limitations. |
| Prevent file modifications | OFF | When enabled, the application will refuse to run if modified, displaying a "File damaged!" error. This security measure is only valid for .EXE files. NOTE: An application protected with this option cannot be subsequently re-protected or digitally signed. |
Anti-Debugging and Reverse Engineering Protections
This suite of features is designed to make it difficult for unauthorized parties to analyze, debug, or deconstruct the application's code and functionality. Several key anti-analysis tools are enabled by default.
| Feature | Default Status | Description & Key Details |
| Debugger detection | ON | Actively detects if the application is being run under a debugger. It is recommended that this option remain ON unless debugging a non-encrypted module that uses the protected module is a required use case. |
| Check API hooking | OFF | If enabled, the application will scan for APIs that have been hooked by other programs. If a hooked function is detected, the application will quit immediately. |
| Enable anti-dumping protection | ON | Incorporates protection measures to prevent the application's memory from being dumped by memory analysis tools. |
| Rename sections | ON | Renames the sections of the executable file to random names of variable length, obscuring the application's structure. |
| Erase import directory data | ON | After the application starts, the import directory data is erased from memory to hinder analysis. NOTE: This feature is automatically disabled if the application is being re-protected (i.e., more than one protection layer is applied). |
| RTE enabled (Run-Time-Encryption) | OFF | A unique feature where specific code fragments, marked in the source code, are encrypted. This code remains encrypted in memory and is only decrypted for execution, then immediately re-encrypted. This requires additional programming. RTE is not available for .NET applications. IMPORTANT: If multiple applications share the same remote protection license, this option must be enabled for all of them to prevent decryption errors. |
Runtime Environment and Usage Controls
These settings allow developers to restrict the environments in which their application can run, providing control over system settings, specific software conflicts, and usage scenarios like virtualization or remote access.
| Feature | Default Status | Description & Key Details |
| Extra system time validation checks | OFF | Enables additional checks on the system clock. This is intended for applications using demo mode or limited license features. If an invalid system time is detected, it can reset the demo or limited license. |
| Virtual machine detection | OFF | If enabled, the application will refuse to run on a virtual machine, displaying the message: "This program can not be run under virtual machine." NOTE: The detection techniques are heuristic and may produce false positives in some cases. |
| Check program filename | OFF | The application will not run if its filename has been changed. This feature is primarily useful for EXE applications. |
| Detect Deep Freeze | OFF | Prevents the application from running on a system where Deep Freeze (by Faronics) is installed. |
| Detect ProcMon | OFF | Prevents the application from running if Process Monitor (ProcMon) software is detected on the system. |
| Disable remote sessions | OFF | If enabled, the application will refuse to run in a terminal services (remote desktop) client session. It will display the message: "This application can not be run in remote session". This message is customizable in the language editor. |